refactor: simplify content_view_ hit-test transparency on macOS

[MarshallOfSound]

Description of Change

Replaces the fix for #51576 that landed in #51586 with a more scoped one. Same crash fix, much smaller surface.

Background

For BrowserWindow on macOS, the WebContentsView is added as a sibling of content_view_ at lower z-order so that user-added child views paint above web content. But content_view_ covers the whole window, so the default views hit-test always stops at content_view_ before reaching the WebContentsView. After Chromium CL:6574464 (M139) changed BridgedContentView::hitTest: to use GetHitTestResult(), any non-NativeViewHost hit result causes BridgedContentView to swallow the event — so all loadURL page interaction broke. #50330 worked around this by making ContentViewTargeterDelegate::TargetForRect return nullptr when no descendant of content_view_ covered the hit rect, so the result would propagate up as null → kOther → [super hitTest:] finds RenderWidgetHostViewCocoa.

Returning nullptr from ViewTargeterDelegate::TargetForRect violates its contract — for any in-bounds point it must resolve to a descendant or the root, never null (ui/views/view_targeter_delegate.h, ui/views/view.h). RootView::UpdateCursor and RootView::HandleMouseEnteredOrMoved both call GetEventHandlerForPoint() and dereference the result without a null check (ui/views/widget/root_view.cc:851-853, :864-871). When a right-click in a -webkit-app-region: drag region temporarily disables draggable regions (electron_ns_window.mm), the HTCAPTION early-exit no longer fires, the views path runs, and the nullptr SEGVs (#51576).

Why #51586 wasn't the right shape

#51586 fixed the crash, but did so by moving the transparency logic to a new targeter on RootViewMac that re-implements views::ViewTargeterDelegate::TargetForRect's child-walk loop so it can skip content_view_ and pick a sibling. That has several problems:

1. It duplicates ~25 lines of upstream logic that is exactly the part of views most likely to change (mirroring, layer transforms, visibility semantics, rounding mode). Any upstream change to that loop now needs to be ported by hand or the two will silently diverge.
2. It already has one divergence baked in. It uses View::ConvertRectToTarget(root, child, rect) (the gfx::Rect overload, which rounds inward via ToEnclosedRectIgnoringError), while the upstream loop converts to a gfx::RectF and rounds outward via ToEnclosingRect. For a 1×1 hit rect on a fractional-DPI display, those can disagree.
3. It only special-cases point-based targeting (UsePointBasedTargeting(rect)), so rect-based/touch targeting still falls through to the default — which returns content_view_ → kRootView — i.e. the original loadURL-interaction bug is still live for the non-point path. chore: remove macos hittest workaround patch #50330 covered both.
4. It leaks a macOS-only quirk into the platform-neutral surface. native_window.h (the cross-platform base) grew a content_view_hit_test_transparent_ flag + getter + setter that only native_window_mac.mm reads, and BrowserWindow's constructor (also platform-neutral) grew a set_content_view_hit_test_transparent(true) that does nothing on Windows/Linux.
5. Latent footgun: the return skipped_content_view ? skipped_content_view : root; fallback returns content_view_ → kRootView → swallowed — the exact behavior chore: remove macos hittest workaround patch #50330 was fixing. It's unreachable today only because WebContentsView always covers the window; if the view structure changes, this re-introduces the bug.
6. It conflates two responsibilities. "I am a transparent overlay" is a property of content_view_, not something its parent's targeter should have special knowledge of.

What this PR does instead

The views hit-test machinery already has a hook for "is this view opaque to events at this rect?" — ViewTargeterDelegate::DoesIntersectRect, which View::HitTestRect consults. The parent's default TargetForRect loop already checks child->HitTestRect() and skips children that say no (view_targeter_delegate.cc:61-63). So we can fix #50330 in place: keep the targeter on content_view_, keep the same install site in SetContentView, and override DoesIntersectRect to return false when no visible, processable child of content_view_ covers the rect. The parent's default loop then falls through to the WebContentsView sibling and resolves to its NativeViewHost — kSubView → routes to RenderWidgetHostViewCocoa — without ever returning nullptr from TargetForRect or duplicating the upstream walk.

This reverts the NativeWindow flag, the BrowserWindow constructor change, and RootViewMacTargeterDelegate. The net change vs the buggy #50330 state is a single method-body swap inside native_window_mac.mm.

Verification

Verified on macOS 26.4 (25E246), arm64, driving input with real OS-level CGEventPost events so the NSWindow → BridgedContentView::hitTest: → RootView::UpdateCursor → targeter path is actually exercised:

• loadURL interaction (the chore: remove macos hittest workaround patch #50330 regression check): button click, input focus + typing, hover → pointingHand cursor, link click — all work.
• Right-click in -webkit-app-region: drag (the Crash (SIGSEGV) on right-click in -webkit-app-region: drag on macOS 26 (Tahoe) #51576 crash check): right-click bar, mouse-move over bar, drag (window moved), Ctrl+click, right/left-click content — no SIGSEGV on any step.
• Child WebContentsView over web content: clicking a WebContentsView overlaid on content_view_ and clicking the background page both route correctly; DoesIntersectRect returns true over the overlay child and false outside it.
• api-browser-window-spec.ts -g "BrowserView|contentView|setContentView": 4/4. api-web-contents-view-spec.ts: 29/29. drag-region-spec.ts: 6/6 (8 skip, non-macOS).

Backports

• 41-x-y is not affected — chore: remove macos hittest workaround patch #50330 was never backported there; the original Chromium revert patch is still in place. (fix: don't return a nullptr from TargetForRect (#51586) #51611 was correctly closed unmerged.)
• 42-x-y / 43-x-y: the open fix: don't return a nullptr from TargetForRect #51586 backports (fix: don't return a nullptr from TargetForRect #51605, fix: don't return a nullptr from TargetForRect #51606) should be replaced with backports of this PR once it lands.

Checklist

• PR description included
• npm test passes
• PR release notes describe the change in a way relevant to app developers, and are capitalized, punctuated, and past tense.

Release Notes

Notes: none

[nmggithub]

Tentatively approving this. Looks good, and it actually covers things I wasn't really happy about with my initial pass (duplication of logic, extra state, constructor modification). Thanks for the improvement!

[release-clerk]

No Release Notes

[trop]

I was unable to backport this PR to "43-x-y" cleanly;
you will need to perform this backport manually.

[trop]

I was unable to backport this PR to "42-x-y" cleanly;
you will need to perform this backport manually.

[trop]

@VerteDinde has manually backported this PR to "43-x-y", please check out #51625

[trop]

@VerteDinde has manually backported this PR to "42-x-y", please check out #51626